lwip-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [lwip-devel] [bug #25467] Listen backlog is not reset on timeout in


From: Piero 74
Subject: Re: [lwip-devel] [bug #25467] Listen backlog is not reset on timeout in SYN_RCVD
Date: Fri, 6 Feb 2009 08:05:27 +0100

GOOD NEWS!!  i send my code with my lwip-based application, with
 simon's patch (corrected by me) to my company product test group (they
 found code stuck using 2 hacking attaccks): they reported me that now
 both bugs are fixed!!

bye
Piero


2009/2/3, piero <address@hidden>:
>
> Follow-up Comment #2, bug #25467 (project lwip):
>
> Hi tested the patch. There was some errors in compilation.
>
> I changed the code (i think in a correct way):
>
> ...
>     LWIP_DEBUGF(TCP_DEBUG, ("tcp_pcb_purgen"));
>
> // piero
> // patch from Simon in lwip forum
> #if TCP_LISTEN_BACKLOG
>     if (pcb->state == SYN_RCVD) {
>       /* Need to find the corresponding listen_pcb and decrease its
> accepts_pending */
>       struct tcp_pcb_listen *lpcb;
>       LWIP_ASSERT("tcp_pcb_purge: pcb->state == SYN_RCVD but tcp_listen_pcbs
> is NULL",
>         (tcp_listen_pcbs.listen_pcbs != NULL) );
>       for (lpcb = tcp_listen_pcbs.listen_pcbs; lpcb != NULL; lpcb =
> lpcb->next) {
>         if ( (lpcb->local_port == pcb->local_port) &&
>             (ip_addr_isany(&(lpcb->local_ip)) ||
>              ip_addr_cmp( &(pcb->local_ip), &(lpcb->local_ip) ) )) {
>             /* port and address of the listen pcb match the timed-out pcb */
>             LWIP_ASSERT("tcp_pcb_purge: listen pcb does not have accepts
> pending",
>               lpcb->accepts_pending > 0);
>             lpcb->accepts_pending--;
>             break;
>           }
>       }
>     }
> #endif /* TCP_LISTEN_BACKLOG */
> //
>
>     if (pcb->refused_data != NULL) {
> ....
>
>
> I did some tests using NMAP... it seems to work!
> If i understood how Simon patch the lwip code, i suppose there is no impact
> in other functionality... anyway, i did some test on my application, to
> check
> normal behaviour.
>
> Now, when SYN/RST is received (NMAP does this for scanning ports) OR only a
> SYN packet is received, the accepts_pending is purged
> (in the first case when RST is received... i checked with debugger, in the
> second case, when a timeout for SYN_RCVD is elapsed (20000ms) in
> slow_timer...
> i don't have a tool to test this specific situation, i'm finding it...)
>
> I will post here future news about thsi bug and Simon's patch.
>
> Piero
>
>     _______________________________________________________
>
> Reply to this item at:
>
>   <http://savannah.nongnu.org/bugs/?25467>
>
> _______________________________________________
>   Messaggio inviato con/da Savannah
>   http://savannah.nongnu.org/
>
>
>
> _______________________________________________
> lwip-devel mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/lwip-devel
>




reply via email to

[Prev in Thread] Current Thread [Next in Thread]